httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Lopez <>
Subject Re: SSL validation
Date Sat, 03 Aug 2002 16:51:28 GMT

On Sat, Aug 03, 2002 at 07:34:45AM -0600, RichardH wrote:
> I was told there is a way to use HTTPS without having to purchase an actual 
> certificate. I know that it can be done by making your own certificate, but 
> how to prevent the warning from popping up on the user side every time?? Is 
> there a way to make it override on the user side without having the SSL 
> cert come from Thawte, etc. ie., with an internally generated certificate 
> (like a cookie almost) ? I was told this can be done via Apache but where 
> do you actually override their (user side) checks of the SSL certification ?

The reason why the pop up does not appear in the browser when the
certificate was issued by Thawte is because Thawte is one of the 'trusted
CAs' that came preinstalled with the browser (For example in internet
explorer go to Tools->Internet options->Content->Certificates->Trusted root
certification authorities   to access the complete list)

To avoid the pop up, either buy one from them or, if you have control over
your clients, you can import the certificate permanently as a recognized one.

I have a chapter online that explains how to configure SSL with Apache 2, that
describes step by step how to create the self-signed certificate.



Teach Yourself Apache 2 --

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message